VulnerableCode Package Details - pkg:deb/debian/firefox-esr@45.2.0esr-1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-4gwx-75uj-tyep	Mozilla community member jomo reported a use-after-free crash when processing WebGL content. This issue was caused by the use of a texture after its recycle pool has been destroyed during WebGL operations, which frees the memory associated with the texture. This results in a potentially exploitable crash when the texture is later called.	CVE-2016-2828
VCID-bd3j-r1wt-dyf4	Security researcher sushi Anton Larsson reported that when paired fullscreen and pointerlock requests are done in combination with closing windows, a pointerlock can be created within a fullscreen window without user permission. This pointerlock cannot then be cancelled without terminating the browser, resulting in a persistent denial of service attack. This can also be used for spoofing and clickjacking attacks against the browser UI.	CVE-2016-2831
VCID-bp6q-cu6s-2ke7	Mozilla developers and community members reported several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.	CVE-2016-2818
VCID-ev18-anej-zbap	Security researcher Jordi Chancel reported a method to spoof the contents of the addressbar. This uses a persistent menu within a <select> element, which acts as a container for HTML content and can be placed in an arbitrary location. When placed over the addressbar, this can mask the true site URL, allowing for spoofing by a malicious site.	CVE-2016-2822
VCID-kvkh-dxw4-rfde	Security researcher firehack reported a buffer overflow when parsing HTML5 fragments in a foreign context such as under an <svg> node. This results in a potentially exploitable crash when inserting an HTML fragment into an existing document.	CVE-2016-2819
VCID-sr99-hhmv-xkhq	Security researcher firehack used the Address Sanitizer tool to discover a use-after-free in contenteditable mode. This occurs when deleting document object model (DOM) table elements created within the editor and results in a potentially exploitable crash.	CVE-2016-2821

Vulnerability

Summary

Aliases

VCID-4gwx-75uj-tyep

Mozilla community member jomo reported a use-after-free crash when processing WebGL content. This issue was caused by the use of a texture after its recycle pool has been destroyed during WebGL operations, which frees the memory associated with the texture. This results in a potentially exploitable crash when the texture is later called.

CVE-2016-2828

VCID-bd3j-r1wt-dyf4

Security researcher sushi Anton Larsson reported that when paired fullscreen and pointerlock requests are done in combination with closing windows, a pointerlock can be created within a fullscreen window without user permission. This pointerlock cannot then be cancelled without terminating the browser, resulting in a persistent denial of service attack. This can also be used for spoofing and clickjacking attacks against the browser UI.

CVE-2016-2831

VCID-bp6q-cu6s-2ke7

Mozilla developers and community members reported several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.

CVE-2016-2818

VCID-ev18-anej-zbap

Security researcher Jordi Chancel reported a method to spoof the contents of the addressbar. This uses a persistent menu within a <select> element, which acts as a container for HTML content and can be placed in an arbitrary location. When placed over the addressbar, this can mask the true site URL, allowing for spoofing by a malicious site.

CVE-2016-2822

VCID-kvkh-dxw4-rfde

Security researcher firehack reported a buffer overflow when parsing HTML5 fragments in a foreign context such as under an <svg> node. This results in a potentially exploitable crash when inserting an HTML fragment into an existing document.

CVE-2016-2819

VCID-sr99-hhmv-xkhq

Security researcher firehack used the Address Sanitizer tool to discover a use-after-free in contenteditable mode. This occurs when deleting document object model (DOM) table elements created within the editor and results in a potentially exploitable crash.

CVE-2016-2821

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T12:09:47.980333+00:00	Debian Importer	Fixing	VCID-ev18-anej-zbap	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:41:52.768304+00:00	Debian Importer	Fixing	VCID-kvkh-dxw4-rfde	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:20:15.471252+00:00	Debian Importer	Fixing	VCID-4gwx-75uj-tyep	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:42:01.264759+00:00	Debian Importer	Fixing	VCID-sr99-hhmv-xkhq	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:08:53.692601+00:00	Debian Importer	Fixing	VCID-bd3j-r1wt-dyf4	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T08:39:05.636713+00:00	Debian Importer	Fixing	VCID-bp6q-cu6s-2ke7	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T08:34:29.273199+00:00	Debian Importer	Fixing	VCID-bd3j-r1wt-dyf4	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:19:03.982098+00:00	Debian Importer	Fixing	VCID-ev18-anej-zbap	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:58:16.116594+00:00	Debian Importer	Fixing	VCID-kvkh-dxw4-rfde	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:42:58.752367+00:00	Debian Importer	Fixing	VCID-4gwx-75uj-tyep	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:27:05.870810+00:00	Debian Importer	Fixing	VCID-sr99-hhmv-xkhq	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:03:26.591431+00:00	Debian Importer	Fixing	VCID-bp6q-cu6s-2ke7	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-02T17:17:48.328276+00:00	Debian Importer	Fixing	VCID-kvkh-dxw4-rfde	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:17:29.046799+00:00	Debian Importer	Fixing	VCID-bd3j-r1wt-dyf4	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:13:54.392655+00:00	Debian Importer	Fixing	VCID-ev18-anej-zbap	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:11:13.489163+00:00	Debian Importer	Fixing	VCID-4gwx-75uj-tyep	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:10:46.218695+00:00	Debian Importer	Fixing	VCID-sr99-hhmv-xkhq	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:08:50.218282+00:00	Debian Importer	Fixing	VCID-bp6q-cu6s-2ke7	https://security-tracker.debian.org/tracker/data/json	38.1.0